This Wiki is available to view at but still under maintenance. PLEASE DO NOT EDIT THE WIKI UNTIL FURTHER NOTICE. We are attempting to restore missing edits which took place between Monday 8 and Thursday 11 April 2019, therefore the site is likely to be taken off line at any time. Updated 20:43 CEST 16 April 2019.
Page tree
Skip to end of metadata
Go to start of metadata

As part of the Libraries walk-in-user pilot AARC project partner set up a customized instance of their solution didmos LUI (LDAP User Interface) that is being used for administrators to manage their libraries' / campuses' IP address ranges.

As can be seen on the main documentation page for the Libraries walk-in-user pilot, the portal has the following features:

  • Protected by a Shibboleth SP, any user from a federated IdP can access
  • Library administrators are authorized by
    • their eduPersonPrincipalName
    • their eduPersonEntitlement (must have some predefined value)
  • The only menu item "Trusted IP ranges" will allow Library administrators to enter any number of LDAP entries that
    • have an IP range start and end
    • associated eduPersonAffiliation (default unscoped value "library-walk-in", the generated scope will be taken from the scope of the administrator's eduPersonPrincipalName)
    • associated eduPersonEntitlement (can be set freely)
    • some description
  • The Walk-in-Library-User IdP will then use these LDAP entries to set these eduPersonAffiliation and eduPersonEntitlement values upon login of some user from that IP range

didmos LUI is written in Perl/CGI and is being used by DAASI as a customized frontend for their LDAP deployments. Both its source code and AARC customized configuration can be provided upon request (please send an e-mail to

  • No labels